Authentication Method Based on GBA, and Device Thereof

ABSTRACT

Provided is an authentication method based on a GBA. The method includes: a BSF receives an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; the BSF acquires an AV of the UE according to the first identifier; and the BSF completes GBA authentication with the UE according to the acquired AV. In this way, the privacy of the SUPI of the UE is protected, and the SUCI or the identifier converted from the SUCI is used to perform the bootstrapping process of the GBA, thereby improving the security of the GBA authentication process.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present disclosure claims priority to Chinese Patent Application No. 201811302478.4, filed with the China Patent Office on Nov. 2, 2018, the disclosure of which is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

Embodiments of the present disclosure relate to, but are not limited to, a Generic Bootstrapping Architecture (GBA), and more particularly, to an authentication method based on the GBA, and a device thereof.

BACKGROUND

The 3GPP (3rd Generation Partnership Project) is currently conducting research on a 5G (5th Generation) system. According to the definition of the 3GPP standard working group, the 5G system comprises a radio subsystem, the 5G RAN (Radio Access Network), and a 5G core network (5GC) subsystem.

In a mobile network, a UE (User Equipment) usually needs to establish a secure connection with a Network Application Function (NAF) in the network. The GBA is a general mechanism defined by the 3GPP for mutual authentication and key negotiation between a UE and an application server.

However, at present, no authentication mechanism based on the GBA is defined for the 5G technology that ensures the communication security between the UE and the NAF in the 5G network.

SUMMARY

In view of the above, an authentication method based on a GBA is provided according to an embodiment of the present disclosure, comprising:

a bootstrapping server function (BSF) receives an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a Subscriber Concealed Identifier (SUCI), an identifier converted from the SUCI, and a temporary identifier (TMPI) associated with the subscriber identity; the BSF acquires an AV of the UE according to the first identifier; and the BSF completes a GBA authentication with the UE according to the acquired AV.

According to an embodiment of the present disclosure, an authentication system based on a GBA is provided. The system may include a BSF, which is configured to receive an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; to acquire an AV of the UE according to the first identifier; and to complete a GBA authentication with the UE according to the acquired AV.

According to an embodiment of the present disclosure, a BSF is provided, and the BSF may include: a receiving unit, configured to receive an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; an acquisition unit, configured to acquire an AV of the UE according to the first identifier; and an authentication unit, configured to complete a GBA authentication with the UE according to the acquired AV.

According to an embodiment of the present disclosure, an Authentication Server Function (AUSF) is provided, and the AUSF may include: a first receiving unit, configured to receive an AV request message sent by a BSF, wherein the AV request message carries the SUCI of the UE or an identifier converted from the SUCI; a determination unit, configured to determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; a first sending unit, configured to forward the AV request message to the corresponding UDM/ARPF; a second receiving unit, configured to receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; and a second sending unit, configured to forward the AV request response message to the BSF.

According to an embodiment of the present disclosure, an AUSF is provided, and the AUSF may include: a first receiving unit, configured to receive an AV request message sent by a BSF, wherein the AV request message carries a subscriber permanent identifier (SUPI), an MSISDN or a service identifier of the UE; a determination unit, configured to determine a corresponding UDM/ARPF according to the SUPI, the MSISDN or the service identifier of the UE; a first sending unit, configured to forward the AV request message to the corresponding UDM/ARPF; a second receiving unit, configured to receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUPI, the MSISDN or the service identifier of the UE; and a second sending unit, configured to forward the AV request response message to the BSF.

According to an embodiment of the present disclosure, a unified data management function/authentication credential repository and processing function (UDM/ARPF) is provided, and the UDM/ARPF may include: a receiving unit, configured to receive an AV request message from a BSF or an AUSF, wherein the AV request message carries a SUCI of the UE or an identifier converted from the SUCI; an acquisition unit, configured to acquire a SUPI of the UE and the subscription information corresponding to the SUPI according to the SUCI of the UE or the identifier converted from the SUCI; and a sending unit, configured to obtain an AV of the UE according to the subscription information and send an AV request response message to the BSF or the AUSF, wherein the AV request response message carries the AV of the UE.

According to an embodiment of the present disclosure, a UDM/ARPF is provided, which may include: a receiving unit, configured to receive an AV request message from a BSF or an AUSF, wherein the AV request message carries a SUPI, an MSISDN or a service identifier of the UE; an acquisition unit, configured to directly acquire the subscription information of the UE according to the SUPI, the MSISDN or the service identifier of the UE; and a sending unit, configured to obtain an AV of the UE according to the subscription information and send an AV request response message to the BSF or the AUSF, wherein the AV request response message carries the AV of the UE.

According to an embodiment of the present disclosure, a UE is provided, which may include: a sending unit, configured to send an initialization request message to a BSF, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity.

According to an embodiment of the present disclosure, a BSF is further provided. The BSF comprises a memory, a processor, and a computer program stored in the memory and capable of running on the processor, wherein the computer program, when executed by the processor, implements the authentication method described above.

According to an embodiment of the present disclosure, a computer-readable storage medium is provided. The computer-readable storage medium stores an information processing program, and the information processing program implements the steps of the authentication method described above when executed by a processor.

Compared with the related art, the embodiments of the present disclosure provide an authentication method based on a GBA and related devices, wherein the method comprises: a BSF receives an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; the BSF acquires an AV of the UE according to the first identifier; and the BSF completes a GBA authentication with the UE according to the acquired AV. In this way, the privacy of the SUPI of the UE is protected, and the SUCI or the identifier converted from the SUCI is used to perform the bootstrapping process of the GBA, thereby improving the security of the GBA authentication process.

Additional features and advantages of the disclosure will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by practice of the disclosure. The objects and other advantages of the disclosure may be realized and attained by the structure particularly pointed out in the description, claims and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings are used for providing a further understanding of the technical solutions of the present disclosure, constitute a part of the description, and are used for explaining the technical solutions of the present disclosure together with the embodiments of the present disclosure, but do not constitute a limitation to the technical solutions of the present disclosure.

FIG. 1 is an architecture diagram of a 5G system;

FIG. 2 is a schematic diagram of the SUCI components;

FIG. 3 is a schematic structural diagram of a GBA authentication system in the related art;

FIG. 4 is a flowchart of a GBA authentication process in the related art;

FIG. 5 is a schematic flowchart of a method for authentication based on a GBA according to embodiment one of the present disclosure;

FIG. 6 is a schematic structural diagram of an authentication system based on a GBA according to embodiment two of the present disclosure;

FIG. 7 is an architecture diagram of an authentication system based on a GBA according to embodiment three of the present disclosure;

FIG. 8 is a schematic flowchart of a method for authentication based on a GBA according to embodiment four of the present disclosure;

FIG. 9 is a schematic flowchart of a method for authentication based on a GBA according to embodiment five of the present disclosure;

FIG. 10 is a schematic structural diagram of a bootstrapping server function (BSF) according to embodiment six of the present disclosure;

FIG. 11 is a structural diagram of an authentication server function (AUSF) according to embodiment seven of the present disclosure;

FIG. 12 is a structural diagram of another authentication server function (AUSF) according to embodiment seven of the present disclosure;

FIG. 13 is a schematic structural diagram of a UDM/ARPF according to embodiment eight of the present disclosure;

FIG. 14 is a schematic structural diagram of another UDM/ARPF according to embodiment eight of the present disclosure;

FIG. 15 is a schematic structural diagram of a UE according to embodiment nine of the present disclosure.

DETAILED DESCRIPTION OF THE EMBODIMENTS

To make the objectives, technical solutions, and advantages of the present disclosure clearer and more comprehensible, the embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. It is important to note that the embodiments of the present disclosure and the features in the embodiments can be combined arbitrarily provided they do not conflict.

The steps shown in the flowcharts may be performed in a computer system, for example as a set of computer-executable instructions. Furthermore, although a logical sequence is shown in the flowcharts, in some cases the steps shown or described may be executed in a sequence different from the one described here.

FIG. 1 is an architecture diagram of a 5G system, which is composed of several NFs (Network Functions). The 5G radio subsystem mainly comprises the NR (New Radio, the new-generation radio base station); the 5G core network subsystem mainly includes: UDM (Unified Data Management), AMF (Access and Mobility Management Function), SMF (Session Management Function), UPF (User Plane Function), PCF (Policy Control Function), SEAF (Security Anchor Function), AUSF (Authentication Server Function) and ARPF (Authentication Credential Repository and Processing Function), etc., wherein:

UDM (Unified Data Management)/ARPF (Authentication Credential Repository and Processing Function): the UDM is a unified data management function, which is the permanent storage location of user subscription data and is located in the home network to which the user subscribes, while the ARPF stores the long-term security credential used for authentication and uses that credential as an input to cryptographic operations. The UDM/ARPF is located in a secure environment of the operator or a third-party system and is not exposed to unauthorized physical access. The ARPF interacts with the AUSF.

AMF/SEAF: the access and mobility management function/security anchor function, which handles a user's requests to access the network and is responsible for functions such as NAS (Non-Access Stratum) signalling management and mobility management of the terminal towards the network. The AMF hosts the security anchor function (SEAF), which interacts with the AUSF and the UE, receives the intermediate key established in the UE authentication process, and obtains security-relevant data from the AUSF based on the USIM authentication method;

AUSF: the authentication server function, which interacts with the ARPF and terminates requests from the SEAF. The AUSF is located in a secure environment of the operator or a third-party system and is not exposed to unauthorized physical access.

SMF: the session management function, which manages the PDU (Packet Data Unit) sessions and QoS (Quality of Service) flows of a user, and formulates packet detection and forwarding rules for the UPF, etc.;

UPF: the user plane function, which is responsible for functions such as routing and forwarding of IP and non-IP data, and usage reporting.

PCF: the policy control function, which is responsible for providing policy rules at various levels to the AMF and the SMF.

DN (data network): for example an operator service, network access, or a third-party service.

AF (application function): manages AF sessions.

GBA is an authentication mechanism provided by the 3GPP to ensure that a secure connection is established between a UE and a network service node. FIG. 3 is an architecture diagram of the GBA in a related communication network. As shown in FIG. 3, the BSF (Bootstrapping Server Function) is located in the home network of the user. The BSF obtains the authentication vector and GBA user security settings of the subscriber from the HSS (Home Subscriber Server); the UE and the BSF perform mutual authentication using the Authentication and Key Agreement (AKA) protocol and establish a session key, which is then applied between the UE and a Network Application Function (NAF); the BSF may pass the key and the user security settings to the NAF. After bootstrapping is complete, the UE and the NAF can run application-specific protocols in which the authentication of messages is based on the session key generated during the mutual authentication between the UE and the BSF. Prior to the bootstrapping procedure, no security association exists between the UE and the NAF. The NAF obtains from the BSF the shared key agreed between the UE and the BSF, and the NAF should be able to locate and communicate securely with the BSF in the home network of the subscriber. Furthermore, the NAF can set the local validity of the shared key according to local policy, check the lifetime of the shared key, and take measures with the UE to ensure that the GBA keys are refreshed. The HSS stores the security parameters of the user. The Subscriber Locator Function (SLF) is queried to locate the HSS of the subscriber and is not required in a single-HSS environment. The UE must support the GBA authentication function.

FIG. 4 is a schematic flowchart of a GBA authentication process in the related art. As shown in FIG. 4, the authentication process includes:

Steps 401-406 are the bootstrapping AKA authentication process, and Steps 407-410 are the service authentication process:

Step 401, the UE sends an initialization request message to the BSF.

The initialization request message may carry the subscriber identifier IMSI of the UE, an IMPI converted from the IMSI, or a TMPI.

For example, when the IMSI is 234150999999999, i.e. MCC=234, MNC=15 and MSIN=0999999999, the IMPI may be expressed as 234150999999999@ims.mnc015.mcc234.3gppnetwork.org. The initialization request message may also carry a TMPI (Temporary IP Multimedia Private Identity) associated with the subscriber identity, which is used preferentially when available; as specified in the 3GPP standards, an IMPI (IP Multimedia Private Identity) may be derived from the IMSI (International Mobile Subscriber Identity) of a UE.

Steps 402-403, the BSF sends an authentication vector and subscriber information request message to the HSS, and the HSS returns an authentication vector and subscriber information request response message to the BSF.

When the initialization request message carries a TMPI: if the BSF finds the user security context of the UE through the TMPI, the BSF acquires the security configuration information of the user and an AV from the security context; if no user security context is found, the BSF obtains a user identifier from the UE, namely the IMSI or the IMPI described in Step 401, and then retrieves the security configuration information of the user and an AV from the HSS. When the initialization request message carries the IMSI or the IMPI, the BSF directly retrieves the security configuration information of the subscriber and an AV from the HSS.

Herein, AV=RAND∥AUTN∥XRES∥CK∥IK, where RAND is a random number, AUTN is an Authentication Token, XRES is the expected response against which the serving network checks the response (RES) computed in the user domain, CK is a cipher key, and IK is an integrity key.

Herein, in a multi-HSS environment, the BSF obtains the address of the HSS storing the subscriber information by querying the SLF.

Step 404, the BSF sends the RAND and the AUTN to the UE in a 401 message, stores CK, IK and XRES, and requests the UE to authenticate the BSF.

Step 405, the UE sends an authentication request message to the BSF, and the message carries the authentication result parameter RES;

Herein, the UE verifies the AUTN using its authentication algorithm and confirms that the message comes from an authorized network; at the same time, the UE calculates CK, IK and RES (the authentication result parameter) and then sends the authentication request message to the BSF, so that the session keys IK and CK are present in both the BSF and the UE.

Step 406, the BSF sends a 200 OK message containing the B-TID to the UE to indicate successful authentication; the 200 OK message also carries the lifetime of Ks and the TMPI reassigned to the UE.

The BSF verifies the correctness of the authentication result parameter RES against the stored parameters (CK, IK, XRES); if it is correct, the root key Ks=CK∥IK is calculated, a value of the B-TID is generated, and a 200 OK (success) message including the B-TID is sent to the UE.

After receiving the 200 OK (success) message, the UE also calculates Ks=CK∥IK, where Ks is the GBA root key, which is used to derive the service key for the NAF of the application platform.

The bootstrapping process of the UE is then completed.

Step 407, the UE sends an authentication request to the NAF, wherein the authentication request carries the B-TID and the NAF_ID.

Herein, the UE uses Ks to derive the service key Ks_NAF=KDF(Ks, "gba-me", RAND, IMPI, NAF_ID).

Herein, KDF is the key derivation function and NAF_ID is the identifier of the service platform NAF. The UE sends the B-TID to the NAF and requests to negotiate a key with the NAF. The message further includes service message content, which is encrypted with the service key using an encryption algorithm.

Step 408, the NAF sends the B-TID and the NAF_ID to the BSF to request the service key of the subscriber.

Step 409, the BSF derives Ks_NAF from Ks using the same method as the UE, and sends Ks_NAF to the NAF over a secure channel, together with information such as the key lifetime of Ks_NAF.

The NAF may decrypt the contents of the service message with the obtained Ks_NAF using the same algorithm as the UE.

Step 410, after storing Ks_NAF and the validity period information, the NAF returns a 200 OK response to the UE.

In this way, the key Ks_NAF is shared between the UE and the NAF and can be used for operations such as authentication and message encryption.
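The exchange of Steps 401-410 as an added, runnable model (example code, not part of the original disclosure and not an implementation of any 3GPP reference code). The AKA functions f1..f5 are HMAC-SHA-256 stand-ins rather than MILENAGE or TUAK; the KDF input layout (FC = 0x01 followed by each parameter and its two-byte length) is the TS 33.220 Annex B construction as understood here and should be checked against the specification before being relied on; the long-term key, the NAF_ID and the BSF domain in the B-TID are constructed values, and the IMPI is the page's example. It shows the two checks that make the bootstrapping mutual: the UE rejects a challenge whose MAC fails or whose SQN is not fresh, and the BSF rejects a RES that does not match XRES, after which both sides derive the same Ks and Ks_NAF:

```python
import base64
import hashlib
import hmac
import os


def _f(k: bytes, tag: bytes, *parts: bytes, n: int) -> bytes:
    # Stand-in for the AKA functions f1..f5: a keyed PRF over a tag and the
    # inputs. Real USIMs use MILENAGE or TUAK; this is only for illustration.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


def generate_av(k: bytes, sqn: int, amf: bytes = b"\x80\x00") -> dict:
    """HSS/UDM side (Steps 402-403): AV = RAND || AUTN || XRES || CK || IK."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = _f(k, b"f1", sqn_b, rand, amf, n=8)        # authenticates the challenge
    ak = _f(k, b"f5", rand, n=6)                      # anonymity key conceals the SQN
    autn = bytes(a ^ b for a, b in zip(sqn_b, ak)) + amf + mac
    return {"RAND": rand, "AUTN": autn,
            "XRES": _f(k, b"f2", rand, n=8),
            "CK": _f(k, b"f3", rand, n=16),
            "IK": _f(k, b"f4", rand, n=16)}


def ue_verify_autn(k: bytes, rand: bytes, autn: bytes, sqn_seen: int) -> tuple:
    """UE side (Step 405): check the MAC and SQN freshness before deriving
    RES, CK and IK. Returns (RES, CK, IK, SQN)."""
    ak = _f(k, b"f5", rand, n=6)
    sqn_b = bytes(a ^ b for a, b in zip(autn[:6], ak))
    amf, mac = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, _f(k, b"f1", sqn_b, rand, amf, n=8)):
        raise ValueError("AUTN MAC mismatch: network not authenticated")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= sqn_seen:
        raise ValueError("SQN not fresh: replayed challenge")
    return (_f(k, b"f2", rand, n=8), _f(k, b"f3", rand, n=16),
            _f(k, b"f4", rand, n=16), sqn)


def gba_kdf(ks: bytes, rand: bytes, impi: str, naf_id: bytes) -> bytes:
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_ID). The input string
    FC || P0 || L0 || ... || P3 || L3 with FC = 0x01 and two-byte lengths
    follows TS 33.220 Annex B as understood here (assumption: verify against
    the specification before relying on it for interoperability)."""
    s = b"\x01"
    for p in (b"gba-me", rand, impi.encode("utf-8"), naf_id):
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(ks, s, hashlib.sha256).digest()


def bootstrap(k: bytes, impi: str, naf_id: bytes, sqn: int = 1,
              ue_sqn_seen: int = 0) -> dict:
    """Run Steps 402-406 and the Step 407/409 key derivation on both sides."""
    av = generate_av(k, sqn)                                  # BSF <- HSS/UDM
    res, ck_ue, ik_ue, _ = ue_verify_autn(k, av["RAND"], av["AUTN"], ue_sqn_seen)
    if not hmac.compare_digest(res, av["XRES"]):              # Step 406 check at the BSF
        raise ValueError("RES mismatch: UE not authenticated")
    ks_bsf, ks_ue = av["CK"] + av["IK"], ck_ue + ik_ue        # Ks = CK || IK
    # B-TID = base64(RAND)@<BSF domain>; the domain is a constructed value.
    b_tid = base64.b64encode(av["RAND"]).decode() + "@bsf.example"
    return {"B-TID": b_tid,
            "Ks_NAF_ue": gba_kdf(ks_ue, av["RAND"], impi, naf_id),
            "Ks_NAF_bsf": gba_kdf(ks_bsf, av["RAND"], impi, naf_id)}


if __name__ == "__main__":
    K = bytes(range(16))                                      # constructed long-term key
    IMPI = "234150999999999@ims.mnc015.mcc234.3gppnetwork.org"  # the page's example
    NAF_ID = b"naf.example" + b"\x01\x00\x00\x00\x00"         # FQDN || Ua protocol id (assumed)
    out = bootstrap(K, IMPI, NAF_ID)
    print(out["B-TID"], out["Ks_NAF_ue"] == out["Ks_NAF_bsf"])
```

Both comparisons use `hmac.compare_digest` so that neither the UE's MAC check nor the BSF's RES check leaks timing information; the SQN check is what stops a captured 401 challenge from being replayed to the UE later.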

As with the previous 2G, 3G, 4G and LTE (Long Term Evolution) networks, security is crucial for 5G communication networks and services. Therefore, the 5G protocol introduces the concepts of the Subscriber Permanent Identifier (SUPI) and the Subscriber Concealed Identifier (SUCI). The SUPI may be generated from an International Mobile Subscriber Identity (IMSI) or a Network Access Identifier (NAI), and the SUCI is a concealed version of the SUPI, the 5G permanent subscriber identifier, so as to prevent exposure of the SUPI. According to the 3GPP specifications, the SUCI is generated by converting the SUPI. As shown in FIG. 2, the SUCI consists of six parts:

1) SUPI type, with values 0-7, where 0 is an International Mobile Subscriber Identity (IMSI), 1 is a Network Access Identifier (NAI), and the other values are reserved for future use.

2) Home Network Identifier, which identifies the home network of the subscriber. When the SUPI is an IMSI, the home network identifier is composed of the Mobile Country Code (MCC) and the Mobile Network Code (MNC). When the SUPI is an NAI, the NAI is defined in section 2.2 of IETF RFC 7542.

3) Routing Indicator (RID), which is allocated by the home network operator and configured in the USIM, and which, together with the home network identifier, allows network signalling to be routed to the AUSF and UDM serving the subscriber.

4) Protection Scheme Identifier, which indicates either the null-scheme or a non-null-scheme;

5) Home Network Public Key Identifier, which identifies the public key provided by the home network for protecting the SUPI; when no protection is applied, the value is 0.

6) Scheme Output, which is the Mobile Subscriber Identification Number (MSIN) part of the IMSI, or the NAI, in the clear when no protection is applied, or the result of encrypting the MSIN or NAI with an elliptic-curve-based scheme when protection is applied.

For example, when the IMSI is 234150999999999, i.e. MCC=234, MNC=15 and MSIN=0999999999, the routing indicator is 678, and the home network public key identifier is 27, the unprotected SUCI consists of 0, 234, 15, 678, 0, 0 and 0999999999, and the protected SUCI consists of 0, 234, 15, 678, 1, 27, <ECC ephemeral public key value>, <encrypted 0999999999> and <MAC tag value>.

It can be seen from the GBA authentication process described above that if the initialization request message sent by the UE directly carries the subscriber identifier IMSI of the UE or the IMPI converted from the IMSI, the message can easily be captured by tools such as an IMSI (International Mobile Subscriber Identity) catcher, e.g. a Stingray, which results in leakage of the subscriber identifier and cannot ensure communication security.

To this end, the embodiments of the present disclosure provide a new authentication method based on a GBA, in which the privacy of the IMSI, IMPI and SUPI of a UE is protected, and the bootstrapping process of the GBA is performed using a SUCI or an identifier converted from the SUCI, thereby avoiding leakage of the user identifier and ensuring communication security.

The authentication scheme based on a GBA provided by the embodiments of the present disclosure is described below with reference to the embodiments.

Embodiment One

FIG. 5 is a schematic flowchart of an authentication method based on a GBA according to the first embodiment of the present disclosure. As shown in FIG. 5, the method includes:

Step 501, a BSF receives an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity.

Step 502, the BSF acquires an AV of the UE according to the first identifier.

Step 503, the BSF completes the GBA authentication with the UE according to the acquired AV.

The identifier converted from the SUCI comprises the SUCI and routing information, wherein the routing information comprises the mobile network code (MNC) and mobile country code (MCC) of the UE, and the RID in the SUCI.

The identifier converted from the SUCI is: SUCI@ims.<mobile network code>.<mobile country code>.<routing indicator>.3gppnetwork.org.
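The six SUCI fields listed above and the identifier converted from the SUCI with its routing information, as an added example (example code, not from the original disclosure). The field layout and the worked IMSI values are the page's; the use of "-" as a field separator, the realm label order with a zero-padded three-digit MNC (matching the page's IMPI example), and the `protect` callback standing in for the ECIES scheme of TS 33.501 Annex C are assumptions of this example:

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Suci:
    supi_type: int        # 0 = IMSI, 1 = NAI, 2-7 reserved
    mcc: str              # home network identifier (MCC + MNC) for an IMSI-based SUPI
    mnc: str
    rid: str              # routing indicator, configured on the USIM
    scheme_id: int        # 0 = null-scheme; 1 used here for the ECIES (non-null) scheme
    hn_key_id: int        # home network public key identifier, 0 when unprotected
    scheme_output: tuple  # (msin,) for the null-scheme; (ecc_key, ciphertext, mac) when protected

    def fields(self) -> list:
        return [self.supi_type, self.mcc, self.mnc, self.rid,
                self.scheme_id, self.hn_key_id, *self.scheme_output]

    def is_concealed(self) -> bool:
        # Only a non-null scheme hides the MSIN from an IMSI catcher.
        return self.scheme_id != 0

    def to_string(self) -> str:
        # "-" as separator is a choice for this example, not a 3GPP encoding.
        return "-".join(str(f) for f in self.fields())


def suci_from_imsi(imsi: str, mnc_len: int, rid: str, hn_key_id: int = 0,
                   protect=None) -> Suci:
    """Build the SUCI for an IMSI-based SUPI. `protect` is an optional callable
    msin -> (ecc_key_hex, ciphertext_hex, mac_hex) standing in for the ECIES
    scheme of TS 33.501 Annex C, which is not implemented here."""
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if protect is None:
        return Suci(0, mcc, mnc, rid, 0, 0, (msin,))
    return Suci(0, mcc, mnc, rid, 1, hn_key_id, tuple(protect(msin)))


def converted_identifier(suci: Suci) -> str:
    """The identifier converted from the SUCI: the SUCI as the user part, with
    MNC, MCC and RID as routing information in the realm. Label order and the
    three-digit MNC padding (as in the IMPI example) are assumptions."""
    return "%s@ims.mnc%03d.mcc%s.%s.3gppnetwork.org" % (
        suci.to_string(), int(suci.mnc), suci.mcc, suci.rid)


_REALM = re.compile(r"@ims\.mnc(\d{3})\.mcc(\d{3})\.(\d{1,4})\.3gppnetwork\.org$")


def routing_info(identifier: str) -> dict:
    """What a BSF or AUSF extracts to select the UDM/ARPF: MNC, MCC and RID."""
    m = _REALM.search(identifier)
    if m is None:
        raise ValueError("not an identifier converted from a SUCI")
    return {"mnc": m.group(1), "mcc": m.group(2), "rid": m.group(3)}


if __name__ == "__main__":
    plain = suci_from_imsi("234150999999999", 2, "678")
    hidden = suci_from_imsi("234150999999999", 2, "678", 27,
                            protect=lambda msin: ("<ecc key>", "<enc " + msin + ">", "<mac>"))
    print(plain.fields(), hidden.is_concealed(), routing_info(converted_identifier(plain)))
```

`routing_info` returns exactly what the BSF or AUSF needs to choose the UDM/ARPF without looking at the scheme output: for the protected SUCI the realm is identical while the user part carries only the ephemeral key, the ciphertext and the MAC tag, which is why carrying the SUCI instead of the IMPI keeps the MSIN away from an IMSI catcher.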

Herein, the BSF acquiring an AV of the UE according to the first identifier comprises:

- the BSF determines a corresponding UDM/ARPF according to the first identifier, and the BSF directly acquires an AV of the UE from the corresponding UDM/ARPF; or
- a corresponding UDM/ARPF is determined according to the first identifier by means of an AUSF, and an AV of the UE is acquired from the corresponding UDM/ARPF through the AUSF.

When the first identifier includes a TMPI and the BSF cannot find the security context of the UE according to the TMPI, the BSF determining a corresponding UDM/ARPF according to the first identifier and directly acquiring an AV of the UE from the corresponding UDM/ARPF includes:

- the BSF obtains the SUCI of the UE or an identifier converted from the SUCI;
- the BSF determines a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI;
- the BSF sends an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI;
- the BSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI.

Alternatively, when the first identifier includes a TMPI and the BSF cannot find the security context of the UE according to the TMPI, determining a corresponding UDM/ARPF according to the first identifier by means of an AUSF and acquiring an AV of the UE from the corresponding UDM/ARPF comprises:

- the BSF obtains the SUCI of the UE or an identifier converted from the SUCI;
- the BSF sends an AV request message to an AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI;
- the AUSF determines a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI;
- the AUSF forwards the AV request message to the corresponding UDM/ARPF;
- the AUSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI;
- the AUSF forwards the AV request response message to the BSF.

When the first identifier includes a TMPI and the BSF finds a security context of the UE according to the TMPI but the validity period of the security context of the UE has expired, the BSF determining a corresponding UDM/ARPF according to the first identifier and directly acquiring an AV of the UE from the corresponding UDM/ARPF includes:

- the BSF determines a corresponding UDM/ARPF from the subscriber permanent identifier (SUPI), MSISDN or service identifier of the UE contained in the security context;
- the BSF sends an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUPI, MSISDN or service identifier of the UE;
- the BSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUPI, MSISDN or service identifier of the UE.

Alternatively, when the first identifier includes a TMPI and the BSF finds the security context of the UE according to the TMPI but the validity period of the security context of the UE has expired, determining a corresponding UDM/ARPF according to the first identifier by means of an AUSF and acquiring an AV of the UE from the corresponding UDM/ARPF includes:

- the BSF sends an AV request message to an AUSF, wherein the AV request message carries the SUPI, MSISDN or service identifier of the UE contained in the security context;
- the AUSF determines a corresponding UDM/ARPF according to the SUPI, MSISDN or service identifier of the UE, and forwards the AV request message to the corresponding UDM/ARPF;
- the AUSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUPI, MSISDN or service identifier of the UE;
- the AUSF forwards the AV request response message to the BSF.

Herein, the BSF acquiring an AV of the UE according to the first identifier further comprises:

when the first identifier comprises a TMPI, the BSF finds a security context of the UE according to the TMPI, and the validity period of the security context of the UE has not expired, the BSF directly acquires an AV of the UE from the security context.

When the first identifier includes a SUCI or an identifier converted from the SUCI, the BSF determining a corresponding UDM/ARPF according to the first identifier and directly acquiring an AV of the UE from the corresponding UDM/ARPF includes:

- the BSF determines a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI;
- the BSF sends an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI;
- the BSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI.

Alternatively, when the first identifier comprises a SUCI or an identifier converted from the SUCI, determining a corresponding UDM/ARPF according to the first identifier by means of an AUSF and acquiring an AV of the UE from the corresponding UDM/ARPF comprises:

- the BSF sends an AV request message to an AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI;
- the AUSF determines a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI, and forwards the AV request message to the corresponding UDM/ARPF;
- the AUSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI;
- the AUSF forwards the AV request response message to the BSF.

Herein, the UDM/ARPF obtaining an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI includes:

- the UDM/ARPF obtains the subscriber permanent identifier (SUPI) of the UE and the subscription information corresponding to the SUPI according to the SUCI of the UE or the identifier converted from the SUCI; and
- the UDM/ARPF obtains an AV of the UE according to the subscription information.

Herein, the UDM/ARPF obtaining an AV of the UE according to the SUPI, MSISDN or service identifier of the UE includes:

- the UDM/ARPF directly acquires the subscription information of the UE according to the SUPI, MSISDN or service identifier of the UE; and
- the UDM/ARPF obtains an AV of the UE according to the subscription information.

Embodiment Two

FIG. 6 is a schematic structural diagram of an authentication system based on GBA according to a second embodiment of the present disclosure. As shown in FIG. 6, the system includes:

A bootstrapping service function BSF, configured to receive an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity; acquire an AV of the UE according to the first identifier; and complete GBA authentication with the UE according to the acquired AV.

The system further includes a UDM/ARPF, and the BSF is connected to the UDM/ARPF through a G5 interface;

The BSF is specifically configured to determine a corresponding UDM/ARPF according to the first identifier, and directly acquire an AV of the UE from the corresponding UDM/ARPF;

Alternatively, the system further includes an AUSF and a UDM/ARPF, and the BSF is connected with the AUSF and the UDM/ARPFs via G5 interfaces respectively.

The BSF is specifically configured to determine a corresponding UDM/ARPF according to the first identifier by means of an AUSF, and acquire an AV of the UE from the corresponding UDM/ARPF.

When the first identifier includes the TMPI and the BSF cannot find the security context of the UE according to the TMPI, the BSF is configured to: obtain a subscriber hidden identifier SUCI of the UE or an identifier converted from the SUCI; determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; send an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI.

Herein, the UDM/ARPF is specifically configured to obtain an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI, and to send an AV request response message to the BSF.

Or, when the first identifier comprises a TMPI and the BSF cannot find the security context of the UE according to the TMPI, the BSF is configured to: obtain a subscriber hidden identifier SUCI of the UE or an identifier converted from the SUCI; send an AV request message to an AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receive the AV request response message forwarded by the AUSF.

The AUSF is specifically configured to: determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; forward the AV request message to the corresponding UDM/ARPF; receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; and forward the AV request response message to the BSF.

The UDM/ARPF is specifically configured to obtain an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI, and to send an AV request response message to the AUSF.

Herein, when the first identifier includes a TMPI and the BSF finds a security context of the UE according to the TMPI but the time period of the security context of the UE is invalid, the BSF is specifically configured to: determine a corresponding UDM/ARPF according to a SUPI or MSISDN or service identifier of the UE contained in the security context; send an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUPI or MSISDN or service identifier of the UE; and receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE.

The UDM/ARPF is specifically configured to obtain an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI, and to send an AV request response message to the BSF.

Or, when the first identifier comprises a TMPI and the BSF finds a security context of the UE according to the TMPI but the time period of the security context of the UE is invalid, the BSF is specifically configured to: send an AV request message to the AUSF, wherein the AV request message carries a subscriber permanent identifier SUPI or MSISDN or service identifier of the UE contained in the security context; and receive the AV request response message forwarded by the AUSF.

The AUSF is specifically configured to: determine a corresponding UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE, and forward the AV request message to the corresponding UDM/ARPF; receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE; and forward the AV request response message to the BSF.

The UDM/ARPF is specifically configured to obtain an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI, and to send an AV request response message to the AUSF.

The BSF acquiring an AV of the UE according to the first identifier comprises:

-   when the first identifier comprises a TMPI, the BSF finds a security context of the UE according to the TMPI, and the time period of the security context of the UE is valid, the BSF is specifically configured to acquire an AV of the UE directly from the security context;
-   when the first identifier comprises a SUCI or an identifier converted from the SUCI, the BSF is specifically configured to: determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; send an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI;
-   the UDM/ARPF is specifically configured to obtain an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI, and send an AV request response message to the BSF.

Or, when the first identifier comprises a SUCI or an identifier converted from the SUCI, the BSF is specifically configured to: send an AV request message to the AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receive the AV request response message forwarded by the AUSF.

The AUSF is specifically configured to: determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI, and forward the AV request message to the corresponding UDM/ARPF; receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; and forward the AV request response message to the BSF.

The UDM/ARPF is specifically configured to obtain an AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI, and to send an AV request response message to the AUSF.

Herein, the UDM/ARPF is specifically configured to: acquire, according to the SUCI of the UE or the identifier converted from the SUCI, the SUPI of the UE and the subscription information corresponding to the SUPI of the UE; and obtain an AV of the UE according to the subscription information.

Herein, the UDM/ARPF is specifically configured to: directly acquire the subscription information of the UE according to the SUPI or MSISDN or service identifier of the UE; and obtain an AV of the UE according to the subscription information.

The technical solutions provided by the foregoing Embodiment One and Embodiment Two are described in detail below through specific embodiments.

Embodiment Three

FIG. 7 is an architecture diagram of an authentication system based on GBA according to Embodiment Three of the present disclosure. As shown in FIG. 7, a BSF and an NAF are added to the system on the basis of FIG. 1. The functions of the BSF, the AUSF, and the UDM/ARPF are described below with reference to GBA authentication. For other functions, please refer to the description of FIG. 1.

As shown in FIG. 7, in the system, the BSF can be set independently, or can be integrated with the AUSF.

When the BSF and the AUSF are provided separately, that is, when the BSF is an independent network element with a G5 interface to the AUSF, the AUSF functions as a routing proxy: the BSF locates the correct UDM/ARPF via the AUSF, and the security context of the subscriber, together with the subscriber identifier or the service identifier, is transferred to the BSF.

When the BSF is integrated with the AUSF, the BSF is directly connected to the UDM/ARPF through a G5 interface, over which the correct UDM/ARPF is reached and the security context, together with the subscriber identifier or the service identifier, is delivered.

The embodiments of the present disclosure propose a new identifier, which is obtained by converting the SUCI.

In the embodiments of the present disclosure, the new identifier may be referred to as an identifier converted from the SUCI. The identifier converted from the SUCI is composed of the SUCI and routing information, wherein the routing information comprises a mobile network code MNC and a mobile country code MCC of the UE, and an RID (routing indicator) in the SUCI.

The BSF or the AUSF can route to the corresponding UDM/ARPF according to the MCC, the MNC and the RID in the SUCI or in the identifier converted from the SUCI. The corresponding UDM/ARPF can decrypt the user permanent identifier SUPI according to the public key, and thereby obtain the user security context and the user identifier (which may be the SUPI or MSISDN) or the corresponding service identifier. The UDM/ARPF sends the security context and the user identifier or the service identifier to the BSF.

Specifically, in the embodiments of the present disclosure, the conversion technique specified by 3GPP for converting an IMSI into an IMPI can be used to obtain the identifier converted from the SUCI on the basis of the SUCI, and the identifier converted from the SUCI is composed as SUCI@ims.<mobile network code>.<mobile country code>.<routing indicator>.3gppnetwork.org.

For example, the UE has a SUCI obtained by using elliptic curve cryptography. When the IMSI is 234150999999999, i.e. MCC=234, MNC=15 and MSISDN=0999999999, the routing indicator is 678, and the home network key identifier is 27, the unprotected SUCI is (0, 234, 15, 678, 0, 0, 0999999999) and the protected SUCI is (0, 234, 15, 678, 1, 27, <ECC ephemeral public key value>, <encrypted 0999999999>, <MAC tag value>). The identifier converted from the SUCI may be denoted as SUCI@ims.mnc015.mcc234.RID678.3gppnetwork.org.

The identifier converted from the SUCI may also take other forms, as long as the identifier includes the SUCI and the routing information.
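The composition of the identifier converted from the SUCI, and the routing of an AV request to the UDM/ARPF by MCC, MNC and RID, as an added example that is not part of the disclosure. It uses the values from the text (MCC 234, MNC 15, RID 678, key identifier 27, MSISDN 0999999999); the hyphen-separated encoding of the SUCI fields in the local part, the placeholder ECC values and the UDM/ARPF instance names in the routing table are assumptions made for this example.

```python
"""Build, parse and route the 'identifier converted from the SUCI'.

Constructed illustration of the form SUCI@ims.mnc<MNC>.mcc<MCC>.RID<RID>.3gppnetwork.org
and of how a BSF or AUSF picks the UDM/ARPF from the routing information.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple, Union


@dataclass(frozen=True)
class Suci:
    """Fields of a SUCI in the order the text lists them."""
    supi_type: int                   # 0 = IMSI-based SUPI
    mcc: str                         # home network: mobile country code
    mnc: str                         # home network: mobile network code
    routing_indicator: str           # RID, used together with MCC/MNC to find the UDM/ARPF
    protection_scheme: int           # 0 = null scheme (MSISDN in clear), non-zero = ECC-protected
    hn_public_key_id: int            # home network public key identifier
    scheme_output: Tuple[str, ...]   # (MSISDN,) for the null scheme; (eph. public key, ciphertext, MAC tag) otherwise

    def encode(self) -> str:
        # Assumption for this example: fields joined with '-' so the result is a usable local part.
        head = [str(self.supi_type), self.mcc, self.mnc, self.routing_indicator,
                str(self.protection_scheme), str(self.hn_public_key_id)]
        return "-".join(head + list(self.scheme_output))


RoutingKey = Tuple[str, str, str]   # (MCC, three-digit MNC, RID)


def routing_key(mcc: str, mnc: str, rid: str) -> RoutingKey:
    # Two-digit MNCs are padded to three digits, as in "mnc015" in the text.
    return (mcc, mnc.zfill(3), rid)


def convert_suci(suci: Suci) -> str:
    """SUCI -> identifier converted from the SUCI: the SUCI plus routing information."""
    mcc, mnc, rid = routing_key(suci.mcc, suci.mnc, suci.routing_indicator)
    return f"{suci.encode()}@ims.mnc{mnc}.mcc{mcc}.RID{rid}.3gppnetwork.org"


_CONVERTED = re.compile(
    r"^(?P<suci>[^@\s]+)@ims\.mnc(?P<mnc>\d{3})\.mcc(?P<mcc>\d{3})\.RID(?P<rid>\d{1,4})\.3gppnetwork\.org$"
)


def parse_converted(identifier: str) -> Optional[Tuple[str, RoutingKey]]:
    """Return (encoded SUCI, routing key), or None when the identifier does not have the expected form."""
    m = _CONVERTED.match(identifier)
    if not m:
        return None
    return m.group("suci"), routing_key(m.group("mcc"), m.group("mnc"), m.group("rid"))


def select_udm_arpf(first_id: Union[Suci, str], table: Dict[RoutingKey, str]) -> Optional[str]:
    """Routing step of the BSF or AUSF: a raw SUCI carries MCC/MNC/RID in its own fields,
    a converted identifier carries them in the suffix. Unknown routing keys yield None."""
    if isinstance(first_id, Suci):
        key = routing_key(first_id.mcc, first_id.mnc, first_id.routing_indicator)
    else:
        parsed = parse_converted(first_id)
        if parsed is None:
            return None
        key = parsed[1]
    return table.get(key)


# Values from the text: IMSI 234150999999999 -> MCC 234, MNC 15, MSISDN 0999999999; RID 678; key id 27.
UNPROTECTED_SUCI = Suci(0, "234", "15", "678", 0, 0, ("0999999999",))
PROTECTED_SUCI = Suci(0, "234", "15", "678", 1, 27,
                      ("04a1b2c3", "9f8e7d6c", "55aa"))   # constructed placeholder ECC values
# Constructed routing table: which UDM/ARPF instance serves each (MCC, MNC, RID).
UDM_ARPF_TABLE = {
    routing_key("234", "15", "678"): "udm-arpf-234-15-678",
    routing_key("234", "15", "1"): "udm-arpf-234-15-001",
}

if __name__ == "__main__":
    converted = convert_suci(UNPROTECTED_SUCI)
    print(converted)
    print(select_udm_arpf(converted, UDM_ARPF_TABLE), select_udm_arpf(PROTECTED_SUCI, UDM_ARPF_TABLE))
```

The routing decision never needs the SUPI: both the raw SUCI and the converted identifier expose only MCC, MNC and RID to the BSF and AUSF, which is what lets the bootstrapping run start before any UDM/ARPF has decrypted the subscriber identity.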

Embodiment Four

Based on the system architecture provided in Embodiment Three, Embodiment Four of the present disclosure provides an authentication method based on a GBA. In Embodiment Four, the BSF and the AUSF are provided separately, a G5 interface exists between the BSF and the AUSF, the AUSF functions as a routing proxy, and the BSF communicates with the UDM/ARPF through the AUSF.

FIG. 8 is a schematic flowchart of a method for authentication based on a GBA according to Embodiment Four of the present disclosure. As shown in FIG. 8, the method includes:

Step 801, a UE sends an initialization request message to a BSF.

Herein, the initialization request message carries the SUCI of the UE or an identifier converted from the SUCI, or a TMPI associated with the subscriber identity.

For example, when the IMSI is 234150999999999, i.e. MCC=234, MNC=15 and MSISDN=0999999999, the routing indicator is 678, and the home network key identifier is 27, the unprotected SUCI is (0, 234, 15, 678, 0, 0, 0999999999), the protected SUCI is (0, 234, 15, 678, 1, 27, <ECC ephemeral public key value>, <encrypted 0999999999>, <MAC tag value>), and the identifier converted from the SUCI is SUCI@ims.mnc015.mcc234.RID678.3gppnetwork.org.

In the present embodiment, the TMPI is used preferentially, and the SUCI or the identifier converted from the SUCI is used in the absence of a TMPI. When the initialization request message carries the TMPI: if the user security context of the UE is found through the TMPI and the time period of the security context is valid, the BSF can obtain the authentication vector of the UE from the security context, and Step 806 is performed; if the user security context is found through the TMPI but the time period of the security context is invalid, Step 802-a is performed; if the user security context is not found through the TMPI, the BSF re-obtains the user identifier from the UE, namely the SUCI or the identifier converted from the SUCI as in Step 801, and then Step 802-b is performed. When the initialization request message carries the SUCI or the identifier converted from the SUCI, Step 802-b is performed.

Step 802-a, the BSF sends an AV request message to an AUSF.

Herein, the AV request message carries the subscriber permanent identifier SUPI or MSISDN or service identifier of the UE contained in the security context.

The service identifier is a service identifier configured by the UDM/ARPF for the user, and is contained in the user subscription data.

The AV request message may also be carried in an AV and subscriber message request message sent by the BSF to the AUSF.

Step 802-b, the BSF sends an AV request message to the AUSF. The AV request message carries the SUCI of the UE or the identifier converted from the SUCI. The AV request message may also be carried in an AV and subscriber message request message sent by the BSF to the AUSF.

Step 803, the AUSF determines a corresponding UDM/ARPF according to the received AV request message, and forwards the AV request message to the corresponding UDM/ARPF.

In the present embodiment, when the received AV request message carries a SUPI or MSISDN or service identifier of the UE, the AUSF determines the corresponding UDM/ARPF according to the subscriber permanent identifier SUPI or MSISDN or service identifier of the UE; when the received AV request message carries the SUCI of the UE or the identifier converted from the SUCI, the AUSF determines the corresponding UDM/ARPF according to the routing information in the SUCI of the UE or in the identifier converted from the SUCI.

Step 804, the corresponding UDM/ARPF obtains the subscriber subscription information of the UE according to the received AV request message, obtains an AV of the UE, and sends an AV request response message to the AUSF.

Herein, the AV request response message carries an AV of the UE.

In the present embodiment, when the received AV request message carries the subscriber permanent identifier SUPI or MSISDN or service identifier of the UE, the corresponding UDM/ARPF directly acquires the subscription information according to the SUPI or MSISDN or service identifier of the UE. When the received AV request message carries the SUCI of the UE or the identifier converted from the SUCI, the corresponding SUPI is first obtained from the SUCI or the identifier converted from the SUCI, and then the corresponding subscriber subscription information is obtained according to the SUPI.

The AV request response message may also be carried in an authentication vector and subscriber message request response message sent from the UDM/ARPF to the AUSF. The authentication vector and subscriber message request response message may further carry other security configuration information of the user, a user identifier (SUPI or MSISDN), or a service identifier.

Step 805, the AUSF forwards the AV request response message to the BSF.

In the present embodiment, the AV request response message may also be carried in an AV and subscriber message request response message forwarded by the AUSF to the BSF.

Subsequently, the BSF completes GBA authentication with the UE according to the acquired AV, which is specifically described as follows:

Step 806, the BSF sends the RAND and the AUTN to the UE in a 401 message, saves (CK, IK, XRES) together with the user identifier or the service identifier, and requests the UE to authenticate the BSF.

Herein, the UE verifies the AUTN by means of an authentication algorithm, and confirms that the message is from an authorized network; meanwhile, the UE calculates a cipher key CK (Cipher Key), an integrity key IK (Integrity Key), and an RES (authentication result parameter), so that both the BSF and the UE hold the session keys IK and CK.

Step 807, the UE sends an authentication request message to the BSF, the message carrying the authentication result parameter RES.

The BSF verifies the correctness of the authentication result parameter RES against the stored parameters (CK, IK, XRES); if RES is correct, the BSF calculates the root key Ks=CK∥IK and at the same time generates a B-TID (Bootstrapping Transaction Identifier) value.

Step 808, the BSF sends a 200 OK message (authentication success message) containing the B-TID to the UE to indicate successful authentication.

Meanwhile, in the 200 OK message, the BSF provides the lifetime of the Ks, and the message also carries the TMPI reassigned to the UE.

After receiving the 200 OK message, the UE also calculates Ks=CK∥IK, where Ks is the GBA root key, which is used to derive the service key for the application platform NAF.

Thus the bootstrapping process of the UE is complete.

Step 809, the UE sends a service request including the B-TID to the NAF, requesting to negotiate a key with the NAF.

Herein, the UE uses Ks to derive a service key Ks_NAF=KDF(Ks, "gba-me", RAND, IMPI, NAF_ID), where KDF is a key derivation algorithm and NAF_ID is the identifier of the service platform NAF.

In the present embodiment, the message carrying the B-TID can further include the content of the service message, which is encrypted with an encryption algorithm using the service key.

Step 810, the NAF sends an authentication request carrying the B-TID and the NAF_ID to the BSF, requesting the service key of the subscriber.

Step 811, the BSF derives the Ks_NAF from the Ks using the same method as the UE, and sends an authentication response carrying the Ks_NAF to the NAF via a secure channel; the authentication response also carries information such as the key lifetime of the Ks_NAF.

Herein, the NAF may decrypt the content of the service message with the obtained Ks_NAF, using the same algorithm as the UE.

Step 812, after storing the Ks_NAF and the validity period information, the NAF returns a service response containing a 200 OK response to the UE. In this way, the UE and the NAF share the key Ks_NAF, which can be used for operations such as authentication and message encryption.

Embodiment Five

Based on the system architecture provided in Embodiment Three, Embodiment Five of the present disclosure provides an authentication method based on a GBA. In the fifth embodiment, the BSF and the AUSF are integrated, and there is a direct G5 interface between the BSF and the UDM/ARPF.

FIG. 9 is a schematic flowchart of a method for authentication based on GBA according to Embodiment Five of the present disclosure. As shown in FIG. 9, the method includes:

Step 901, a UE sends an initialization request message to a BSF.

In the present embodiment, the initialization request message carries the SUCI of the UE, or an identifier converted from the SUCI, or a TMPI associated with the subscriber identity.

For example, when the IMSI is 234150999999999, i.e. MCC=234, MNC=15 and MSISDN=0999999999, the routing indicator is 678, and the home network key identifier is 27, the unprotected SUCI is (0, 234, 15, 678, 0, 0, 0999999999), the protected SUCI is (0, 234, 15, 678, 1, 27, <ECC ephemeral public key value>, <encrypted 0999999999>, <MAC tag value>), and the identifier converted from the SUCI is SUCI@ims.mnc015.mcc234.RID678.3gppnetwork.org.

In the present embodiment, the TMPI is used preferentially, and the SUCI or the identifier converted from the SUCI is used in the absence of a TMPI. When the initialization request message carries the TMPI: if the user security context of the UE is found through the TMPI and the time period of the security context is valid, the BSF can obtain the authentication vector of the UE from the security context, and then Step 904 is performed; if the user security context is found through the TMPI but the time period of the security context is invalid, Step 902-a is performed; if the user security context is not found through the TMPI, the BSF re-obtains the user identifier from the UE, namely the SUCI or the identifier converted from the SUCI as in Step 901, and then Step 902-b is performed. If the initialization request message carries the SUCI or the identifier converted from the SUCI, Step 902-b is performed directly.
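The BSF's decision on the first identifier, as described for Step 801 of Embodiment Four and Step 901 of Embodiment Five, as an added example that is not part of the disclosure. A TMPI is tried first; a found and still valid security context yields the AV at once (Step 806 / 904); a found but expired context leads to an AV request carrying the SUPI, MSISDN or service identifier stored in that context (Step 802-a / 902-a); an unknown TMPI makes the BSF re-obtain the SUCI or the identifier converted from the SUCI from the UE and then proceed to Step 802-b / 902-b; a SUCI or converted identifier leads to Step 802-b / 902-b directly. The message layout, the record fields and all sample values are assumptions.

```python
"""BSF handling of the first identifier in the initialization request (Steps 801 / 901).

Constructed model: the request is a dict carrying one of 'tmpi', 'suci' or 'converted_suci';
the per-TMPI security context store and its fields are assumed for this example.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional


class NextStep(Enum):
    AV_FROM_CONTEXT = "Step 806 / 904: AV taken from the stored security context"
    AV_REQUEST_BY_SUPI = "Step 802-a / 902-a: AV request carrying SUPI, MSISDN or service identifier"
    REOBTAIN_IDENTIFIER = "re-obtain SUCI or converted identifier from the UE, then Step 802-b / 902-b"
    AV_REQUEST_BY_SUCI = "Step 802-b / 902-b: AV request carrying SUCI or converted identifier"
    REJECT = "initialization request carries no usable identifier"


@dataclass
class SecurityContext:
    """What the BSF keeps per TMPI (assumed layout)."""
    subscriber_id: str    # SUPI or MSISDN or service identifier
    av: bytes             # the stored authentication vector, opaque here
    valid_until: float    # end of the validity period, seconds since the epoch


@dataclass
class Decision:
    next_step: NextStep
    request_id: Optional[str] = None   # identifier to place in the AV request, if one is sent
    av: Optional[bytes] = None         # AV reused from the context, if any


def handle_init_request(msg: Dict[str, str], contexts: Dict[str, SecurityContext], now: float) -> Decision:
    """Decide the next step from the first identifier and the TMPI store."""
    tmpi = msg.get("tmpi")
    if tmpi is not None:
        ctx = contexts.get(tmpi)
        if ctx is None:
            # TMPI unknown to this BSF: the concealed identifier has to be asked for again.
            return Decision(NextStep.REOBTAIN_IDENTIFIER)
        if now < ctx.valid_until:
            return Decision(NextStep.AV_FROM_CONTEXT, ctx.subscriber_id, ctx.av)
        # Context found but its time period has lapsed: fetch a fresh AV by the stored identifier.
        return Decision(NextStep.AV_REQUEST_BY_SUPI, ctx.subscriber_id)
    ident = msg.get("suci") or msg.get("converted_suci")
    if ident:
        return Decision(NextStep.AV_REQUEST_BY_SUCI, ident)
    return Decision(NextStep.REJECT)


def bootstrap_start(msg: Dict[str, str], contexts: Dict[str, SecurityContext], now: float,
                    reobtain: Callable[[], Dict[str, str]]) -> Decision:
    """Run the decision once and, for an unknown TMPI, once more with the identifier re-obtained from the UE.
    `reobtain` stands in for the round trip to the UE and returns the UE's second message."""
    decision = handle_init_request(msg, contexts, now)
    if decision.next_step is NextStep.REOBTAIN_IDENTIFIER:
        decision = handle_init_request(reobtain(), contexts, now)
    return decision


# Constructed sample store for the subscriber from the text: one context still valid, one lapsed.
NOW = 1_700_000_000.0
CONTEXTS = {
    "tmpi-valid": SecurityContext("234150999999999", b"<stored AV>", NOW + 3600),
    "tmpi-lapsed": SecurityContext("234150999999999", b"<stored AV>", NOW - 1),
}
CONVERTED = "SUCI@ims.mnc015.mcc234.RID678.3gppnetwork.org"

if __name__ == "__main__":
    for m in ({"tmpi": "tmpi-valid"}, {"tmpi": "tmpi-lapsed"}, {"tmpi": "tmpi-unknown"},
              {"converted_suci": CONVERTED}):
        d = bootstrap_start(m, CONTEXTS, NOW, lambda: {"converted_suci": CONVERTED})
        print(m, "->", d.next_step.value, d.request_id)
```

Only the lapsed-context branch ever places a permanent identifier (SUPI or MSISDN) on the wire between BSF and UDM/ARPF; the unknown-TMPI and first-contact branches carry the SUCI or the converted identifier, which is what keeps the SUPI concealed in the bootstrapping run.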

Step 902-a, the BSF determines a corresponding UDM/ARPF and sends an AV request message to the corresponding UDM/ARPF.

Herein, the AV request message carries a SUPI or an MSISDN or a service identifier of the UE contained in the security context.

In the present embodiment, the service identifier is configured by the UDM/ARPF for the user, and is contained in the user subscription data.

The AV request message may also be carried in an AV and subscriber message request message sent by the BSF to the AUSF.

Herein, the BSF can determine the corresponding UDM/ARPF according to the SUPI, MSISDN or service identifier in the security context of the UE.

Step 902-b, the BSF determines a corresponding UDM/ARPF and sends an AV request message to the corresponding UDM/ARPF.

The AV request message carries the SUCI of the UE or the identifier converted from the SUCI.

The AV request message may also be carried in an AV and subscriber message request message sent by the BSF to the AUSF.

The BSF can determine the corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI.

Step 903, the corresponding UDM/ARPF obtains the subscriber subscription information of the UE according to the received AV request message, obtains an AV of the UE, and sends an AV request response message to the BSF.

In the present embodiment, the AV request response message carries an AV of the UE.

Herein, when the received AV request message carries the subscriber permanent identifier SUPI or MSISDN or service identifier of the UE, the corresponding UDM/ARPF directly acquires the subscription information according to the SUPI or MSISDN or service identifier of the UE. When the received AV request message carries the SUCI of the UE or the identifier converted from the SUCI, the corresponding SUPI is first obtained from the SUCI or the identifier converted from the SUCI, and then the corresponding subscriber subscription information is obtained according to the SUPI.

The AV request response message may also be carried in an authentication vector and subscriber message request response message sent from the UDM/ARPF to the AUSF. The authentication vector and subscriber message request response message may further carry other security configuration information of the user, a user identifier (SUPI or MSISDN), or a service identifier.

The AV request response message may also be carried in an AV and subscriber message request response message forwarded by the AUSF to the BSF.

Subsequently, the BSF completes GBA authentication with the UE according to the acquired AV, which is specifically described as follows:

Step 904, the BSF sends the RAND and the AUTN to the UE in a 401 message, stores (CK, IK, XRES) together with the user identifier or the service identifier, and requests the UE to authenticate the BSF.

In the present embodiment, the UE verifies the AUTN by means of an authentication algorithm, and confirms that the message is from an authorized network. Meanwhile, the UE calculates a cipher key CK (Cipher Key), an integrity key IK (Integrity Key), and an RES (authentication result parameter), so that both the BSF and the UE hold the session keys IK and CK.

Step 905, the UE sends an authentication request message to the BSF, the message carrying the authentication result parameter RES.

The BSF verifies the correctness of the authentication result parameter RES against the stored parameters (CK, IK, XRES); if RES is correct, the BSF calculates the root key Ks=CK∥IK and at the same time generates the value of the B-TID (Bootstrapping Transaction Identifier).

Step 906, the BSF sends a 200 OK message (authentication success message) containing the B-TID to the UE, indicating that the authentication succeeds.

In the present embodiment, in the 200 OK message, the BSF provides the lifetime of the Ks, and the message also carries the TMPI reassigned to the UE.

After receiving the 200 OK message, the UE also calculates Ks=CK∥IK, where Ks is the GBA root key, which is used to derive the service key for the application platform NAF.

Thus the bootstrapping process of this UE is complete.

Step 907, the UE sends a service request including the B-TID to the NAF, requesting to negotiate a key with the NAF.

Herein, the UE uses Ks to derive a service key Ks_NAF=KDF(Ks, "gba-me", RAND, IMPI, NAF_ID), where KDF is a key derivation algorithm and NAF_ID is the identifier of the service platform NAF.

The message carrying the B-TID can further include the content of the service message, which is encrypted with an encryption algorithm using the service key.

Step 908, the NAF sends an authentication request including the B-TID and the NAF_ID to the BSF, requesting the service key of the subscriber.

Step 909, the BSF derives the Ks_NAF from the Ks using the same method as the UE, and sends an authentication response carrying the Ks_NAF to the NAF via a secure channel; the authentication response also includes information such as the key lifetime of the Ks_NAF.

The NAF may decrypt the content of the service message with the obtained Ks_NAF, using the same algorithm as the UE.

Step 910, after storing the Ks_NAF and the validity period information, the NAF returns a service response containing a 200 OK response to the UE, so that the UE and the NAF share the key Ks_NAF, which can be used for operations such as authentication and message encryption.
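The bootstrapping run of Steps 806 to 812 (Embodiment Four) and Steps 904 to 910 (Embodiment Five), as an added example that is not part of the disclosure. The functions producing (RAND, AUTN, XRES, CK, IK), the KDF, the subscriber key, the IMPI, the NAF_ID and the BSF domain are HMAC-based stand-ins and constructed values, not the 3GPP algorithms. What the code shows is the order of the messages, the UE's check of AUTN, the BSF's check of RES against XRES, Ks=CK∥IK, the B-TID under which the BSF later finds Ks when the NAF asks, and that the UE and the BSF arrive at the same Ks_NAF although Ks itself is never sent.

```python
"""GBA bootstrapping and Ks_NAF derivation, Steps 806-812 / 904-910 (toy cryptography).

Constructed model: _prf replaces both the AKA functions and the GBA KDF; all identities are made up.
"""
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

BSF_DOMAIN = "bsf.example.org"   # assumed BSF server domain used in the B-TID


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA-256 over length-prefixed parts; stand-in for the AKA functions and the KDF."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class AuthVector:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


def generate_av(k: bytes, sqn: int) -> AuthVector:
    """UDM/ARPF side: one AV from the subscriber key k and sequence number sqn (toy derivation)."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    # Toy AUTN: SQN in clear followed by an 8-byte MAC over (RAND, SQN); a real AUTN conceals the SQN.
    autn = sqn_b + _prf(k, b"mac", rand, sqn_b)[:8]
    return AuthVector(rand, autn, _prf(k, b"res", rand)[:8],
                      _prf(k, b"ck", rand)[:16], _prf(k, b"ik", rand)[:16])


def ue_answer(k: bytes, rand: bytes, autn: bytes, highest_sqn_seen: int) -> Tuple[bytes, bytes, bytes]:
    """UE side of Step 806 / 904: check AUTN (the network authenticates itself), then compute RES, CK, IK."""
    sqn_b, mac = autn[:6], autn[6:]
    if not hmac.compare_digest(mac, _prf(k, b"mac", rand, sqn_b)[:8]):
        raise ValueError("AUTN MAC check failed: challenge not from the home network")
    if int.from_bytes(sqn_b, "big") <= highest_sqn_seen:
        raise ValueError("AUTN replayed: sequence number not fresh")
    return _prf(k, b"res", rand)[:8], _prf(k, b"ck", rand)[:16], _prf(k, b"ik", rand)[:16]


def make_btid(rand: bytes, bsf_domain: str = BSF_DOMAIN) -> str:
    """B-TID: base64 of RAND followed by the BSF domain name."""
    return base64.b64encode(rand).decode() + "@" + bsf_domain


def bsf_verify_res(stored: Dict[str, bytes], res: bytes) -> Optional[bytes]:
    """Step 807 / 905 at the BSF: compare RES with the stored XRES in constant time; on success return Ks = CK || IK."""
    if not hmac.compare_digest(res, stored["xres"]):
        return None
    return stored["ck"] + stored["ik"]


def derive_ks_naf(ks: bytes, rand: bytes, impi: str, naf_id: str) -> bytes:
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_ID), with the HMAC stand-in as KDF."""
    return _prf(ks, b"gba-me", rand, impi.encode(), naf_id.encode())


def bsf_answer_naf(sessions: Dict[str, dict], btid: str, naf_id: str) -> Optional[bytes]:
    """Steps 810-811 / 908-909: the NAF presents (B-TID, NAF_ID); the BSF finds Ks by B-TID and derives Ks_NAF."""
    s = sessions.get(btid)
    if s is None:
        return None   # unknown B-TID: the NAF gets no key
    return derive_ks_naf(s["ks"], s["rand"], s["impi"], naf_id)


def run_bootstrapping(k: bytes, impi: str, naf_id: str, sqn: int = 1) -> dict:
    """Steps 806-812 end to end; returns what each side ends up holding, for inspection."""
    av = generate_av(k, sqn)
    bsf_stored = {"ck": av.ck, "ik": av.ik, "xres": av.xres}          # Step 806: BSF keeps (CK, IK, XRES)
    res, ue_ck, ue_ik = ue_answer(k, av.rand, av.autn, highest_sqn_seen=0)   # UE processes the 401
    ks_bsf = bsf_verify_res(bsf_stored, res)                           # Step 807
    if ks_bsf is None:
        return {"authenticated": False}
    btid = make_btid(av.rand)
    sessions = {btid: {"ks": ks_bsf, "rand": av.rand, "impi": impi}}   # indexed by B-TID for NAF requests
    ks_ue = ue_ck + ue_ik                                              # Step 808: UE forms Ks after 200 OK
    ks_naf_ue = derive_ks_naf(ks_ue, av.rand, impi, naf_id)            # Step 809
    ks_naf_naf = bsf_answer_naf(sessions, btid, naf_id)                # Steps 810-811
    return {"authenticated": True, "btid": btid,
            "ks_match": ks_bsf == ks_ue, "ks_naf_match": ks_naf_ue == ks_naf_naf}


if __name__ == "__main__":
    K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")   # constructed subscriber key
    print(run_bootstrapping(K, "234150999999999@ims.mnc015.mcc234.3gppnetwork.org", "naf.example.org"))
```

Both checks the UE performs on the 401 are kept as hard errors: a bad MAC on AUTN means the challenge did not come from the home network, and a non-increasing sequence number means a replayed challenge; either one should end the run before RES is computed, since answering a forged challenge would hand RES to whoever sent it.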

According to the technical solutions provided in the third, fourth, and fifth embodiments, the bootstrapping process of GBA is performed by using the SUCI or the identifier converted from the SUCI. Furthermore, the BSF finds the corresponding UDM/ARPF through the SUCI or the routing indicator in the identifier converted from the SUCI, and acquires the user security configuration information (such as the AV). The SUPI of the UE is thereby protected, and the security of GBA authentication is improved.

Embodiment Six

FIG. 10 is a schematic structural diagram of a BSF according toembodiment six of the present disclosure. As shown in FIG. 10, the BSFincludes:

A receiving unit, configured to receive an initialization requestmessage sent by a UE, wherein the initialization request message carriesa first identifier of the UE, and the first identifier comprises atleast one of the following: a SUCI, an identifier converted from theSUCI, and a TMPI associated with the subscriber identity;

An acquisition unit, configured to acquire an AV of the UE according tothe first identifier;

An authentication unit configured to complete GBA authentication withthe UE according to the acquired AV.

In an embodiment, the BSF further include an acquisition unit, which isconfigured to, when the first identifier includes the TMPI and the BSFcannot find the security context of the UE according to the TMPI,acquire an SUCI of the UE or an identifier converted from the SUCI.

Herein, the identifier converted from the SUCI comprises the SUCI androuting information, wherein the routing information comprises a mobilenetwork code MNC and a mobile country code MCC of the UE, and an RID inthe SUCI.

The identifier converted from the SUCI is: SUCI@ims.mobile networkcode.mobile country code.routing indicator.3gppnetwork.org.

The acquiring unit is specifically configured to determine acorresponding UDM/ARPF according to the first identifier, and directlyacquire an AV of the UE from the corresponding UDM/ARPF;

-   -   or, a corresponding UDM/APRF is determined according to the        first identifier by an authentication service function AUSF and        an AV of the UE is required from the corresponding UDM/ARPF.

When the first identifier includes a TMPI and the BSF cannot find thesecurity context of the UE according to the TMPI, the obtaining unit isspecifically configured to: acquire the SUCI of the UE or an identifierconverted from the SUCI, determine a corresponding UDM/APRF according tothe SUCI of the UE or the routing information in the identifierconverted from the SUCI, send an AV request message to the correspondingUDM/ARPF, wherein the AV request message carries the SUCI of the UE oran identifier converted from the SUCI, receive an AV request responsemessage sent by the UDM/ARPF, wherein the AV request response messagecarries an AV of the UE obtained by the UDM/ARPF according to the SUCIof the UE or an identifier converted from the SUCI.

Alternatively, when the first identifier includes a TMPI and the BSFcannot find the security context of the UE according to the TMPI, theobtaining unit is specifically configured to: acquire an SUCI of the UEor an identifier converted from the SUCI, send an AV request message toan AUSF, wherein the AV request message carries the SUCI of the UE or anidentifier converted from the SUCI.

The AUSF determines a corresponding UDM/ARPF according to the SUCI ofthe UE or the routing information in the identifier converted from theSUCI, forwards the AV request message to the corresponding UDM/ARPF, andreceives an AV request response message sent by the UDM/ARPF, whereinthe AV request response message carries an AV of the UE, and the AV isobtained by the UDM/ARPF according to the SUCI of the UE or anidentifier converted from the SUCI, and then the AUSF forwards the AVrequest response message to the obtaining unit.

When the first identifier includes the TMPI and the BSF finds the security context of the UE according to the TMPI but the time period of the security context of the UE is invalid, the acquisition unit is specifically configured to:

-   determine a corresponding UDM/ARPF according to a SUPI or MSISDN or service identifier of the UE contained in the security context;
-   send an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUPI or MSISDN or service identifier of the UE; and
-   receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE.

Alternatively, when the first identifier includes a TMPI and the BSF finds the security context of the UE according to the TMPI but the time period of the security context of the UE is invalid, the acquisition unit is specifically configured to send an AV request message to an AUSF, wherein the AV request message carries the SUPI or MSISDN or service identifier of the UE contained in the security context.

The AUSF determines a corresponding UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE, forwards the AV request message to the corresponding UDM/ARPF, and receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE. The AUSF then forwards the AV request response message to the acquisition unit.

In the present embodiment, the acquisition unit is further configured to directly acquire an AV of the UE according to the security context when the first identifier comprises a TMPI, the BSF finds the security context of the UE according to the TMPI, and the time period of the security context of the UE is valid.

When the first identifier comprises a SUCI or an identifier converted from the SUCI, the BSF determines a corresponding UDM/ARPF according to the first identifier, and the acquisition unit is further configured to: determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; send an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI.

Alternatively, when the first identifier comprises a SUCI or an identifier converted from the SUCI, the acquisition unit is further configured to send an AV request message to an AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI. The AUSF determines a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI, and forwards the AV request message to the corresponding UDM/ARPF. The AUSF receives an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI. The AUSF then forwards the AV request response message to the acquisition unit.
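
The dispatch just described (SUCI or converted identifier routes by its routing information; an unknown TMPI makes the BSF obtain the SUCI from the UE; a known TMPI whose context has an invalid time period routes by the SUPI kept in the context; a known TMPI with a valid context yields the AV directly) can be modelled end to end. The following is an added example and not code from the patent or from any 3GPP implementation: the class names (Suci, SecurityContext, UdmArpf, Bsf), the routing tables, the "concealment table" that stands in for SUCI de-concealment, the SHA-256 stand-in for AV generation, the assumption that the AV request response also carries the SUPI, and the integer clock are all constructed for illustration. Only the direct BSF-to-UDM/ARPF path is modelled; the AUSF variant forwards the same messages.

```python
"""BSF authentication-vector (AV) acquisition dispatch for GBA bootstrapping.
Added example, not code from the patent or from 3GPP. Every name (Suci,
SecurityContext, UdmArpf, Bsf), the routing tables, the concealment table
standing in for SUCI de-concealment and the SHA-256 stand-in for AV
generation are constructed for illustration."""
import hashlib
import os
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple, Union

RoutingKey = Tuple[str, str, str]  # (MCC, MNC, routing indicator) taken from the SUCI


@dataclass(frozen=True)
class Suci:
    mcc: str
    mnc: str
    routing_indicator: str
    scheme_output: str  # concealed subscriber part: opaque to the BSF

    def routing_key(self) -> RoutingKey:
        return (self.mcc, self.mnc, self.routing_indicator)


@dataclass
class SecurityContext:
    supi: str
    av: Dict[str, str]
    expires_at: int  # integer clock, constructed for the example


def make_av(k: bytes, rand: bytes) -> Dict[str, str]:
    """Stand-in for MILENAGE/TUAK: XRES/CK/IK derived from K and RAND with SHA-256.
    Has the shape of an AV, not the real algorithm."""
    def kdf(tag: bytes) -> str:
        return hashlib.sha256(tag + k + rand).hexdigest()[:32]
    return {"rand": rand.hex(), "xres": kdf(b"xres"), "ck": kdf(b"ck"), "ik": kdf(b"ik")}


def plmn_of(supi: str) -> Tuple[str, str]:
    """MCC/MNC of a SUPI written as 'imsi-<MCC><MNC><MSIN>' (2-digit MNC assumed)."""
    digits = supi.removeprefix("imsi-")
    return digits[:3], digits[3:5]


class UdmArpf:
    """Home UDM/ARPF: de-conceals a SUCI to the SUPI, or takes a SUPI directly,
    looks up the subscription and answers the AV request."""
    def __init__(self, deconceal: Dict[str, str], subscriptions: Dict[str, bytes]):
        self._deconceal = deconceal   # scheme_output -> SUPI (stand-in for ECIES decryption)
        self._subs = subscriptions    # SUPI -> long-term key K

    def av_request(self, ident: Union[Suci, str], rand: bytes) -> Tuple[str, Dict[str, str]]:
        supi = self._deconceal.get(ident.scheme_output, "") if isinstance(ident, Suci) else ident
        if supi not in self._subs:
            raise LookupError("unknown subscriber")
        # The response carries the AV; returning the SUPI too lets the BSF fill the
        # security context it later finds via the TMPI (assumption of this model).
        return supi, make_av(self._subs[supi], rand)


class Bsf:
    """Acquisition unit of the BSF: picks the UDM/ARPF and the identifier to put in
    the AV request from the first identifier (SUCI or TMPI) the UE sent."""
    def __init__(self, by_routing: Dict[RoutingKey, UdmArpf], by_plmn: Dict[Tuple[str, str], UdmArpf]):
        self._by_routing, self._by_plmn = by_routing, by_plmn
        self._contexts: Dict[str, SecurityContext] = {}  # TMPI -> security context
        self.sent_ids: List[object] = []  # identifiers this BSF put into AV requests

    def _via_suci(self, suci: Suci) -> Tuple[str, Dict[str, str]]:
        udm = self._by_routing[suci.routing_key()]  # routing information selects the home UDM/ARPF
        self.sent_ids.append(suci)
        return udm.av_request(suci, os.urandom(16))

    def acquire_av(self, first_id: Union[Suci, str], ask_ue_for_suci: Callable[[], Suci],
                   now: int) -> Tuple[str, str, Dict[str, str]]:
        """Returns (path taken, SUPI, AV)."""
        if isinstance(first_id, Suci):
            return ("suci",) + self._via_suci(first_id)
        ctx = self._contexts.get(first_id)
        if ctx is None:
            # TMPI unknown here: obtain the SUCI from the UE and route by it.
            return ("tmpi-miss",) + self._via_suci(ask_ue_for_suci())
        if ctx.expires_at <= now:
            # Context found but its time period is invalid: route by the SUPI in
            # the context; the UE does not have to send its SUCI again.
            self.sent_ids.append(ctx.supi)
            supi, av = self._by_plmn[plmn_of(ctx.supi)].av_request(ctx.supi, os.urandom(16))
            return "tmpi-expired", supi, av
        return "tmpi-valid", ctx.supi, ctx.av  # valid context: AV taken from it directly

    def store_context(self, tmpi: str, supi: str, av: Dict[str, str], expires_at: int) -> None:
        self._contexts[tmpi] = SecurityContext(supi, av, expires_at)


def demo() -> Dict[str, str]:
    """Runs the SUCI case and the three TMPI cases against constructed data."""
    supi, k = "imsi-001010000000001", b"\x11" * 16         # constructed subscriber
    suci = Suci("001", "01", "0", "c0ffee")                  # constructed SUCI
    udm = UdmArpf({"c0ffee": supi}, {supi: k})
    bsf = Bsf({suci.routing_key(): udm}, {("001", "01"): udm})
    paths: Dict[str, str] = {}
    paths["suci"], s, av = bsf.acquire_av(suci, lambda: suci, now=100)
    bsf.store_context("tmpi-A", s, av, expires_at=200)
    paths["valid"] = bsf.acquire_av("tmpi-A", lambda: suci, now=150)[0]
    paths["expired"] = bsf.acquire_av("tmpi-A", lambda: suci, now=250)[0]
    paths["miss"] = bsf.acquire_av("tmpi-unknown", lambda: suci, now=250)[0]
    return paths
```

The property worth checking in such a model is visible in `sent_ids`: on the SUCI path the BSF forwards only the concealed identifier, and the SUPI reaches the BSF solely inside the home network's AV response, which is the privacy gain the embodiments aim at. On the expired-context path the BSF already holds the SUPI, so it must protect its security-context store with the same care as subscription data.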

Embodiment Seven

FIG. 11 is a schematic structural diagram of an authentication service function AUSF according to Embodiment seven of the present disclosure. As shown in FIG. 11, the AUSF includes:

-   a first receiving unit, configured to receive an AV request message sent by a BSF, wherein the AV request message carries the SUCI of the UE or an identifier converted from the SUCI;
-   a determination unit, configured to determine a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI;
-   a first sending unit, configured to forward the AV request message to the corresponding UDM/ARPF;
-   a second receiving unit, configured to receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; and
-   a second sending unit, configured to forward the AV request response message to the BSF.

FIG. 12 is a schematic structural diagram of another AUSF according to Embodiment seven of the present disclosure. As shown in FIG. 12, the AUSF includes:

-   a first receiving unit, configured to receive an AV request message sent by a BSF, wherein the AV request message carries a SUPI or MSISDN or a service identifier of the UE;
-   a determination unit, configured to determine a corresponding UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE;
-   a first sending unit, configured to forward the AV request message to the corresponding UDM/ARPF;
-   a second receiving unit, configured to receive an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries an AV of the UE obtained by the UDM/ARPF according to the SUPI or MSISDN or service identifier of the UE; and
-   a second sending unit, configured to forward the AV request response message to the BSF.

Embodiment Eight

FIG. 13 is a schematic structural diagram of a unified data management function UDM/authentication credential storage and processing function ARPF according to Embodiment eight of the present disclosure. As shown in FIG. 13, the UDM/ARPF includes:

-   a receiving unit, configured to receive an AV request message from a BSF or an AUSF, wherein the AV request message carries a SUCI of the UE or an identifier converted from the SUCI;
-   an acquisition unit, configured to acquire a SUPI of the UE and subscription information corresponding to the SUPI according to the SUCI of the UE or the identifier converted from the SUCI; and
-   a sending unit, configured to obtain an AV of the UE according to the subscription information and send an AV request response message to the BSF or the AUSF, wherein the AV request response message carries the AV of the UE.

FIG. 14 is a schematic structural diagram of another unified data management function UDM/authentication credential storage and processing function ARPF according to Embodiment eight of the present disclosure. As shown in FIG. 14, the UDM/ARPF includes:

-   a receiving unit, configured to receive an AV request message from a BSF or an AUSF, wherein the AV request message carries a SUPI or MSISDN or a service identifier of the UE;
-   an acquisition unit, configured to directly acquire subscription information of the UE according to the SUPI or MSISDN or service identifier of the UE; and
-   a sending unit, configured to obtain an AV of the UE according to the subscription information and send an AV request response message to the BSF or the AUSF, wherein the AV request response message carries the AV of the UE.

Embodiment Nine

FIG. 15 is a schematic structural diagram of a UE according to Embodiment nine of the present disclosure. As shown in FIG. 15, the UE includes:

-   a sending unit, configured to send an initialization request message to a bootstrapping service function BSF, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a SUCI, an identifier converted from the SUCI, and a TMPI associated with the subscriber identity.

The sending unit is further configured to, when the first identifier comprises the TMPI and the BSF cannot find the security context of the UE according to the TMPI, send a Subscriber Concealed Identifier (SUCI) of the UE or an identifier converted from the SUCI to the BSF.

An embodiment of the present disclosure further provides a BSF, which comprises a memory and a processor. A computer program is stored in the memory and runs on the processor, and the computer program, when executed by the processor, implements the authentication method as described in any one of the above embodiments.

An embodiment of the present disclosure further provides a computer readable storage medium, which stores an information processing program; when the information processing program is executed by a processor, the steps of the authentication method according to any one of the foregoing embodiments are implemented.

Those of ordinary skill in the art can appreciate that the functional blocks/units in all or some of the steps, systems, and apparatuses of the methods disclosed above can be implemented as software, firmware, hardware, and any suitable combination thereof. In a hardware implementation, the division between functional modules/units referred to in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be cooperatively performed by several physical components. Some or all components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those skilled in the art, the term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technique for storing information (such as computer readable instructions, data structures, program modules, or other data). Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and may include any information delivery media as is known to those of ordinary skill in the art.

Although the embodiments disclosed in the present disclosure are described above, the described contents are only the embodiments adopted to facilitate understanding of the present disclosure, and are not intended to limit the present disclosure. Those skilled in the art can make various modifications and variations to the present disclosure without departing from the scope of the present disclosure. The scope of the present disclosure is defined by the appended claims.

1. An authentication method based on a Generic Bootstrapping Architecture (GBA), comprising: receiving, by a Bootstrapping Service Function (BSF), an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a Subscriber Concealed Identifier (SUCI), an identifier converted from the SUCI, and a temporary identifier (TMPI) associated with the subscriber identity; acquiring, by the BSF, an Authentication Vector (AV) of the UE according to the first identifier; and completing, by the BSF, a GBA authentication with the UE according to the acquired AV.

2. The authentication method according to claim 1, wherein the identifier converted from the SUCI comprises the SUCI and routing information, wherein the routing information comprises a mobile network code (MNC) and a mobile country code (MCC) of the UE, and a routing indicator (RID) in the SUCI.

3. The authentication method according to claim 1, wherein the identifier converted from the SUCI is: SUCI@ims.mobile network code.mobile country code.routing indicator.3gppnetwork.org.

4. The authentication method according to claim 1, wherein acquiring, by the BSF, the AV of the UE according to the first identifier comprises: determining, by the BSF, a corresponding UDM/ARPF according to the first identifier, and directly acquiring, by the BSF, the AV of the UE from the corresponding UDM/ARPF; or determining a corresponding UDM/ARPF according to the first identifier through an authentication service function (AUSF), and acquiring the AV of the UE from the corresponding UDM/ARPF.

5. The authentication method according to claim 4, wherein, when the first identifier comprises a TMPI and the BSF cannot find the security context of the UE according to the TMPI, determining, by the BSF, the corresponding UDM/ARPF according to the first identifier, and directly acquiring, by the BSF, the AV of the UE from the corresponding UDM/ARPF comprises: obtaining, by the BSF, the SUCI of the UE or the identifier converted from the SUCI; determining a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; sending an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receiving the AV request response message sent by the UDM/ARPF, wherein the AV request response message carries the AV of the UE obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; or, when the first identifier comprises the TMPI and the BSF cannot find the security context of the UE according to the TMPI, determining the corresponding UDM/ARPF according to the first identifier through the AUSF and acquiring the AV of the UE from the corresponding UDM/ARPF comprises: obtaining, by the BSF, the SUCI of the UE or an identifier converted from the SUCI; sending an AV request message to the AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; determining, by the AUSF, a corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; forwarding, by the AUSF, the AV request message to the corresponding UDM/ARPF; receiving, by the AUSF, an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries the AV of the UE, wherein the AV of the UE is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; and forwarding, by the AUSF, the AV request response message to the BSF.

6. The authentication method according to claim 4, wherein, when the first identifier comprises the TMPI and the BSF finds the security context of the UE according to the TMPI but a time period of the security context of the UE is invalid, determining, by the BSF, a corresponding UDM/ARPF according to the first identifier and directly acquiring, by the BSF, the AV of the UE from the corresponding UDM/ARPF comprises: determining, by the BSF, a corresponding UDM/ARPF from a subscriber permanent identifier (SUPI) or MSISDN or a service identifier of the UE contained in the security context; sending, by the BSF, an AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUPI or MSISDN or a service identifier of the UE; and receiving, by the BSF, an AV request response message sent from the UDM/ARPF, wherein the AV request response message carries the AV of the UE obtained by the UDM/ARPF according to the SUPI or the MSISDN or the service identifier of the UE; or, when the first identifier comprises the TMPI and the BSF finds the security context of the UE according to the TMPI but a time period of the security context of the UE is invalid, determining the corresponding UDM/ARPF according to the first identifier and acquiring the AV of the UE from the corresponding UDM/ARPF through the AUSF comprises: sending, by the BSF, the AV request message to the AUSF, wherein the AV request message carries the SUPI or the MSISDN or the service identifier of the UE contained in the security context; determining, by the AUSF, the corresponding UDM/ARPF according to the SUPI or the MSISDN or the service identifier of the UE, and forwarding the AV request message to the corresponding UDM/ARPF; receiving, by the AUSF, the AV request response message sent by the UDM/ARPF, wherein the AV request response message carries the AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUPI or the MSISDN or the service identifier of the UE; and forwarding, by the AUSF, the AV request response message to the BSF.

7. The authentication method according to claim 1, wherein acquiring, by the BSF, the AV of the UE according to the first identifier comprises: when the first identifier comprises the TMPI and the BSF finds a security context of the UE according to the TMPI and a time period of the security context of the UE is valid, directly acquiring, by the BSF, the AV of the UE according to the security context.

8. The authentication method according to claim 4, wherein, when the first identifier comprises the SUCI or the identifier converted from the SUCI, determining, by the BSF, the corresponding UDM/ARPF according to the first identifier, and directly acquiring the AV of the UE from the corresponding UDM/ARPF comprises: determining, by the BSF, the corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI; sending, by the BSF, the AV request message to the corresponding UDM/ARPF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; and receiving, by the BSF, an AV request response message sent by the UDM/ARPF, wherein the AV request response message carries the AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; or, when the first identifier comprises the SUCI or the identifier converted from the SUCI, determining the corresponding UDM/ARPF according to the first identifier through the AUSF, and acquiring the AV of the UE from the corresponding UDM/ARPF comprises: sending, by the BSF, the AV request message to the AUSF, wherein the AV request message carries the SUCI of the UE or the identifier converted from the SUCI; determining, by the AUSF, the corresponding UDM/ARPF according to the SUCI of the UE or the routing information in the identifier converted from the SUCI, and forwarding the AV request message to the corresponding UDM/ARPF; receiving, by the AUSF, the AV request response message sent by the UDM/ARPF, wherein the AV request response message carries the AV of the UE, and the AV is obtained by the UDM/ARPF according to the SUCI of the UE or the identifier converted from the SUCI; and forwarding, by the AUSF, the AV request response message to the BSF.

9. The authentication method according to claim 5, wherein obtaining, by the UDM/ARPF, the AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI comprises: obtaining, by the UDM/ARPF, the SUPI of the UE and subscription information corresponding to the SUPI according to the SUCI of the UE or the identifier converted from the SUCI; and obtaining the AV of the UE according to the subscription information.

10. The authentication method according to claim 6, wherein obtaining, by the UDM/ARPF, the AV of the UE according to the SUPI or the MSISDN or the service identifier of the UE comprises: acquiring, by the UDM/ARPF, subscription information of the UE according to the SUPI or the MSISDN or the service identifier of the UE; and obtaining the AV of the UE according to the subscription information.

11. An authentication system based on a Generic Bootstrapping Architecture (GBA), comprising: a bootstrapping service function (BSF), configured to receive an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a Subscriber Concealed Identifier (SUCI), an identifier converted from the SUCI, and a temporary identifier (TMPI) associated with the subscriber identity; acquire an AV of the UE according to the first identifier; and complete a GBA authentication with the UE according to the acquired AV.

12. The authentication system according to claim 11, wherein the system further comprises a UDM/ARPF, the BSF is connected to the UDM/ARPF through a G5 interface, and the BSF is configured to determine a corresponding UDM/ARPF according to the first identifier and directly acquire an AV of the UE from the corresponding UDM/ARPF; or, the system further comprises an AUSF and a UDM/ARPF, the BSF is connected with the AUSF and the UDM/ARPF via G5 interfaces respectively, and the BSF is configured to determine a corresponding UDM/ARPF according to the first identifier through the AUSF and acquire the AV of the UE from the corresponding UDM/ARPF.

13. A bootstrapping service function (BSF), comprising: a receiving unit, configured to receive an initialization request message sent by a UE, wherein the initialization request message carries a first identifier of the UE, and the first identifier comprises at least one of the following: a Subscriber Concealed Identifier (SUCI), an identifier converted from the SUCI, and a temporary identifier (TMPI) associated with the subscriber identity; an acquisition unit, configured to acquire an AV of the UE according to the first identifier; and an authentication unit, configured to complete a Generic Bootstrapping Architecture (GBA) authentication with the UE according to the acquired AV.

14. The BSF of claim 13, further comprising: an acquisition unit, configured to acquire a Subscriber Concealed Identifier (SUCI) of the UE or an identifier converted from the SUCI, when the first identifier comprises the TMPI and the BSF cannot find the security context of the UE according to the TMPI.

15-20. (canceled)

21. A bootstrapping service function (BSF), comprising a memory and a processor, and a computer program stored in the memory and run on the processor, wherein the computer program, when executed by the processor, performs the authentication method as claimed in claim 1.

22. A computer readable storage medium, wherein the computer readable storage medium stores an information processing program, and when being executed by a processor, the information processing program performs the steps of the authentication method as claimed in claim 1.

23. The authentication method according to claim 8, wherein obtaining, by the UDM/ARPF, the AV of the UE according to the SUCI of the UE or the identifier converted from the SUCI comprises: obtaining, by the UDM/ARPF, the SUPI of the UE and subscription information corresponding to the SUPI according to the SUCI of the UE or the identifier converted from the SUCI; and obtaining the AV of the UE according to the subscription information.

24. A bootstrapping service function (BSF), comprising a memory and a processor, and a computer program stored in the memory and run on the processor, wherein the computer program, when executed by the processor, performs the authentication method as claimed in claim 2.

25. A bootstrapping service function (BSF), comprising a memory and a processor, and a computer program stored in the memory and run on the processor, wherein the computer program, when executed by the processor, performs the authentication method as claimed in claim 4.

26. A bootstrapping service function (BSF), comprising a memory and a processor, and a computer program stored in the memory and run on the processor, wherein the computer program, when executed by the processor, performs the authentication method as claimed in claim 5.
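
Claims 2 and 3 define the identifier converted from the SUCI as the SUCI followed by a domain carrying the routing information (MNC, MCC, RID). The following builder and parser for that identifier is an added example, not code from the patent. It assumes the SUCI string form of 3GPP TS 23.003 ("suci-<SUPI type>-<MCC>-<MNC>-<RID>-<protection scheme id>-<home network public key id>-<scheme output>"), which the page does not spell out, and writes the domain labels exactly as claim 3 lists them (the 3GPP home network domain convention prefixes the codes as "mnc<MNC>.mcc<MCC>", so an implementation has to pin down which spelling the converted identifier uses). The parser also cross-checks that the routing information in the domain agrees with the fields inside the SUCI, so that a tampered domain cannot steer the AV request to a UDM/ARPF other than the subscriber's home one, and exposes whether the SUCI actually conceals the MSIN (protection scheme id 0 is the 3GPP null scheme, which leaves it in the clear).

```python
"""Build and parse the identifier converted from the SUCI (claims 2 and 3).
Added example, not code from the patent. SUCI string form assumed from
3GPP TS 23.003; domain labels written as claim 3 lists them."""
import re
from typing import Dict, Tuple

# suci-<type>-<MCC>-<MNC>-<RID>-<scheme id>-<key id>-<scheme output>
SUCI_RE = re.compile(
    r"^suci-(?P<typ>\d)-(?P<mcc>\d{3})-(?P<mnc>\d{2,3})-(?P<rid>\d{1,4})"
    r"-(?P<scheme>\d)-(?P<keyid>\d{1,3})-(?P<out>[0-9a-fA-F]+)$"
)
# ims.<MNC>.<MCC>.<RID>.3gppnetwork.org, field order as in claim 3
DOMAIN_RE = re.compile(
    r"^ims\.(?P<mnc>\d{2,3})\.(?P<mcc>\d{3})\.(?P<rid>\d{1,4})\.3gppnetwork\.org$"
)


def parse_suci(suci: str) -> Dict[str, str]:
    """Splits a SUCI string into its fields; rejects anything else."""
    m = SUCI_RE.match(suci)
    if not m:
        raise ValueError("malformed SUCI")
    return m.groupdict()


def is_concealed(suci: str) -> bool:
    """False for protection scheme id 0 (null scheme): the MSIN is not hidden."""
    return parse_suci(suci)["scheme"] != "0"


def to_converted_identifier(suci: str) -> str:
    """SUCI plus routing information (MNC, MCC, RID taken from the SUCI itself)."""
    f = parse_suci(suci)
    return f"{suci}@ims.{f['mnc']}.{f['mcc']}.{f['rid']}.3gppnetwork.org"


def parse_converted_identifier(ident: str) -> Tuple[str, Dict[str, str]]:
    """Returns (SUCI, routing information). The routing information in the
    domain must match the MCC/MNC/RID inside the SUCI; a mismatch is rejected
    rather than used to select a UDM/ARPF."""
    local, sep, domain = ident.partition("@")
    if not sep:
        raise ValueError("no routing domain")
    m = DOMAIN_RE.match(domain)
    if not m:
        raise ValueError("malformed routing domain")
    routing = m.groupdict()
    f = parse_suci(local)
    if (f["mcc"], f["mnc"], f["rid"]) != (routing["mcc"], routing["mnc"], routing["rid"]):
        raise ValueError("routing information does not match the SUCI")
    return local, routing


def routing_key(ident: str) -> Tuple[str, str, str]:
    """(MCC, MNC, RID) the BSF or AUSF uses to pick the corresponding UDM/ARPF."""
    _, r = parse_converted_identifier(ident)
    return (r["mcc"], r["mnc"], r["rid"])


if __name__ == "__main__":
    sample = "suci-0-001-01-0-1-1-0a1b2c3d"  # constructed SUCI, ECIES profile A
    ident = to_converted_identifier(sample)
    print(ident, routing_key(ident), is_concealed(sample))
```

Because the converted identifier carries the routing information twice (inside the SUCI and in the domain), a receiving BSF or AUSF should treat the two copies as a consistency check rather than trust either alone; the parser above does that and makes the selection of the UDM/ARPF depend only on a pair that agrees.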